CISSP - Question Bank 10
Test your knowledge of CISSP with these multiple choice questions. Each Question Bank includes 20 practice questions that have been designed to measure your knowledge of key ideas.
A key factor to keep in mind is that guessing is better than not answering a question.
Every single question on the CISSP exam is a four-option multiple choice question with a single correct answer. Some are straightforward, such as asking you to select a definition. Some are a bit more involved, such as asking you to select the appropriate concept or best practice. And some questions present you with a scenario or situation and ask you to select the best response.
StartQ1. In the RSA public key cryptosystem, which one of the following numbers will always be largest?
A. e
B. n
C. p
D. q
The Correct Answer is B.
Explanation: The number n is generated as the product of the two large prime numbers p and q. Therefore, n must always be greater than both p and q. Furthermore, it is an algorithm constraint that e must be chosen such that e is smaller than n. Therefore, in RSA cryptography n is always the largest of the four variables shown in the options to this question.
Q2. Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?
A. RSA
B. Diffie-Hellman
C. 3DES
D. IDEA
The Correct Answer is B.
Explanation: The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange protocol to support the encryption and decryption of messages.
Q3. If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message?
A. Richard's public key
B. Richard's private key
C. Sue's public key
D. Sue's private key
The Correct Answer is C.
Explanation: Richard must encrypt the message using Sue's public key so that Sue can decrypt it using her private key. If he encrypted the message with his own public key, the recipient would need to know Richard's private key to decrypt the message. If he encrypted it with his own private key, any user could decrypt the message using Richard's freely available public key. Richard could not encrypt the message using Sue's private key because he does not have access to it. If he did, any user could decrypt it using Sue’s freely available public key.
Q4. If a 2,048-bit plaintext message was encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be?
A. 1,024 bits
B. 2,048 bits
C. 4,096 bits
D. 8,192 bits
The Correct Answer is C.
Explanation: The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any message it encrypts. Therefore, a 2,048-bit plaintext message would yield a 4,096-bit ciphertext message when El Gamal is used for the encryption process.
Q5. Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If it wishes to maintain the same cryptographic strength, what ECC key length should it use?
A. 160 bits
B. 512 bits
C. 1,024 bits
D. 2,048 bits
The Correct Answer is A.
Explanation: The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that would be the same strength as encryption achieved with the RSA encryption algorithm. A 1,024- bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem key.
Q6. John would like to produce a message digest of a 2,048-byte message he plans to send to Mary. If he uses the SHA-1 hashing algorithm, what size will the message digest for this particular message be?
A. 160 bits
B. 512 bits
C. 1,024 bits
D. 2,048 bits
The Correct Answer is A.
Explanation: The SHA-1 hashing algorithm always produces a 160-bit message digest, regardless of the size of the input message. In fact, this fixed-length output is a requirement of any secure hashing algorithm.
Q7. Which one of the following message digest algorithms is considered flawed and should no longer be used?
A. SHA-1
B. MD2
C. MD4
D. MD5
The Correct Answer is C.
Explanation: The MD4 algorithm has documented flaws that produce collisions, rendering it useless as a hashing function for secure cryptographic applications.
Q8. Which one of the following message digest algorithms is the current U.S. government standard in use by secure federal information processing systems?
A. SHA-1
B. MD2
C. MD4
D. MD5
The Correct Answer is A.
Explanation: SHA-1 is the current U.S. government standard, as defined in the Secure Hashing Standard (SHS), also known as Federal Information Processing Standard (FIPS) 180. Several newer algorithms (such as SHA-256, SHA-384, and SHA-512) are being considered to replace SHA-1 and make it cryptographically compatible with the stronger Advanced Encryption Standard.
Q9. Richard received an encrypted message sent to him from Sue. Which key should he use to decrypt the message?
A. Richard's public key
B. Richard's private key
C. Sue's public key
D. Sue's private key
The Correct Answer is B.
Explanation: Sue would have encrypted the message using Richard’s public key. Therefore, Richard needs to use the complementary key in the key pair, his private key, to decrypt the message.
Q10. Richard would like to digitally sign a message he’s sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest?
A. Richard's public key
B. Richard's private key
C. Sue's public key
D. Sue's private key
The Correct Answer is B.
Explanation: Richard should encrypt the message digest with his own private key. When Sue receives the message, she will decrypt the digest with Richard’s public key and then compute the digest herself. If the two digests match, she can be assured that the message truly originated from Richard.
Q11. Which one of the following algorithms is not supported by the Digital Signature Standard?
A. Digital Signature Algorithm
B. RSA
C. El Gamal DSA
D. Elliptic Curve DSA
The Correct Answer is C.
Explanation: The Digital Signature Standard allows federal government use of the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.
Q12. Which International Telecommunications Union (ITU) standard governs the creation and endorsement of digital certificates for secure electronic communication?
A. X.500
B. X.509
C. X.900
D. X.905
The Correct Answer is B.
Explanation: X.509 governs digital certificates and the public key infrastructure (PKI). It defines the appropriate content for a digital certificate and the processes used by certificate authorities to generate and revoke certificates.
Q13. What cryptosystem provides the encryption/decryption technology for the commercial version of Phil Zimmerman's Pretty Good Privacy secure e-mail system?
A. DES/3DES
B. IDEA
C. ECC
D. El Gamal
The Correct Answer is B.
Explanation: Pretty Good Privacy uses a "web of trust" system of digital signature verification. The encryption technology is based upon the IDEA private key cryptosystem.
Q14. What TCP/IP communications port is utilized by Secure Sockets Layer traffic?
A. 80
B. 220
C. 443
D. 559
The Correct Answer is C.
Explanation: Secure Sockets Layer utilizes TCP port 443 for encrypted client/server communications.
Q15. What type of cryptographic attack rendered Double DES (2DES) no more effective than standard DES encryption?
A. Birthday
B. Chosen ciphertext
C. Meet-in-the-middle
D. Man-in-the-middle
The Correct Answer is C.
Explanation: The meet-in-the-middle attack demonstrated that it took relatively the same amount of computation power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Triple DES (3DES) as a standard for government communication.
Q16. Which of the following security systems was created to support the use of stored-value payment cards?
A. SET
B. IPSec
C. MONDEX
D. PGP
The Correct Answer is C.
Explanation: The MONDEX payment system, owned by MasterCard International, provides the cryptographic technology necessary to support stored-value payment cards.
Q17. Which of the following links would be protected by WEP encryption?
A. Firewall to firewall
B. Router to firewall
C. Client to wireless access point
D. Wireless access point to router
The Correct Answer is C.
Explanation: The Wired Equivalent Privacy protocol encrypts traffic passing between a mobile client and the wireless access point. It does not provide end-to-end encryption.
Q18. What is the major disadvantage of using certificate revocation lists?
A. Key management
B. Latency
C. Record keeping
D. Vulnerability to brute force attacks
The Correct Answer is B.
Explanation: Certificate revocation lists (CRLs) introduce an inherent latency to the certificate expiration process due to the time lag between CRL distributions.
Explanation: Certificate revocation lists (CRLs) introduce an inherent latency to the certificate expiration process due to the time lag between CRL distributions.
Q19. Which one of the following encryption algorithms is now considered insecure?
A. El Gamal
B. RSA
C. Skipjack
D. Merkle-Hellman Knapsack
The Correct Answer is D.
Explanation: The Merkle-Hellman Knapsack algorithm, which relies upon the difficulty of factoring superincreasing sets, has been broken by cryptanalysts.
Q20. What does IPSec define?
A. All possible security classifications for a specific configuration
B. A framework for setting up a secure communication channel
C. The valid transition states in the Biba model
D. TCSEC security categories
The Correct Answer is B.
Explanation: IPSec is a security protocol that defines a framework for setting up a secure channel to exchange information between two entities.
- Question Bank 00
- Question Bank 01
- Question Bank 02
- Question Bank 03
- Question Bank 04
- Question Bank 05
- Question Bank 06
- Question Bank 07
- Question Bank 08
- Question Bank 09
- Question Bank 10
- Question Bank 11
- Question Bank 12
- Question Bank 13
- Question Bank 14
- Question Bank 15
- Question Bank 16
- Question Bank 17
- Question Bank 18
- Question Bank 19
Copyright © 2018 | All Rights Reserved | Designed & Developed by Yeahhub.com